Chicago – Attorney General Kwame Raoul today led a bipartisan coalition of 43 attorneys general calling on the Federal Trade Commission (FTC) to update and strengthen the rules technology companies must follow under the federal Children’s Online Privacy Protection Act (COPPA).
“Evidence continues to show there is more work to be done to protect our children from dangers they may encounter online,” Raoul said. “I urge the FTC to prioritize the safety and privacy of children and strengthen the federal rules that hold technology companies accountable. Illinois and states around the country will continue to use all available tools in collaboration with the FTC to ensure children are protected when they are online.”
In their comment letter submitted to the FTC, Raoul and the coalition point out the rules governing privacy protections for children up to age 13 have not been updated in over a decade. In that time, the digital world has evolved rapidly, with smartphones, social networks and connected devices becoming an even greater part of our lives.
Congress enacted COPPA in 1998 for the purpose of giving parents more control over information collected online from their children. The law directed the FTC to establish regulations for website operators or online services regarding how they collect, use and share personal information of children under 13 years of age.
The FTC is proposing changes to the COPPA Rule that would place new restrictions on the use and disclosure of children’s personal information and further limit the ability of companies to condition access to services on monetizing children’s data. The proposal aims to shift the burden from parents to providers to ensure that digital services are safe and secure for children.
While Raoul and the coalition support the FTC’s proposed rule, they also offer specific suggestions to strengthen its proposed amendments. Among other things, they urge the FTC to expand the definition of “personal information” to include biometric identifiers such as fingerprints, retina and iris patterns, a DNA sequence and data derived from voice data, gait data and facial data, as well as avatars generated from a child’s image and likeness. Raoul and the coalition also ask the FTC to adopt a comprehensive framework for determining whether services qualify for a proposed parental consent exception, and to prohibit operators from abusing the multiple-contact exception in COPPA with engagement-maximizing push notifications.
Under statute, both the FTC and state attorneys general are empowered to enforce COPPA. Since the COPPA Rule became effective, state attorneys general, on their own and in partnership with the FTC, have pursued multiple actions for violations of the COPPA Rule. For example, Raoul filed a lawsuit against Meta Platforms Inc. (Meta), the company that owns and operates Facebook and Instagram, for its harmful business practices targeting children. Raoul alleges that Meta’s business model, which seeks to capture as much user time and attention as possible to sell advertising, has targeted youth, including teenagers and even younger children, in ways that take advantage of them.
Joining Raoul in drafting the comment letter are the attorneys general of Mississippi, Oregon and Tennessee. Joining in submitting the letter are the attorneys general of Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, the District of Columbia, Florida, Georgia, Hawaii, Indiana, Kentucky, Maine, Maryland, Massachusetts, Michigan, Minnesota, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, Ohio, Oklahoma, Pennsylvania, Puerto Rico, Rhode Island, South Carolina, South Dakota, Utah, Vermont, the U.S. Virgin Islands, Virginia, Washington and Wisconsin.